[Forgot Password]
Login  Register Subscribe

30479

 
 

423868

 
 

248268

 
 

909

 
 

195051

 
 

282

 
Paid content will be excluded from the download.


Download | Alert*
CVE
view JSON

CVE-2016-4053Date: (C)2016-04-28   (M)2023-12-22


Squid 3.x before 3.5.17 and 4.x before 4.0.9 allow remote attackers to obtain sensitive stack layout information via crafted Edge Side Includes (ESI) responses, related to incorrect use of assert and compiler optimization.

CVSS Score and Metrics +CVSS Score and Metrics -

CVSS V3 Severity:CVSS V2 Severity:
CVSS Score : 3.7CVSS Score : 4.3
Exploit Score: 2.2Exploit Score: 8.6
Impact Score: 1.4Impact Score: 2.9
 
CVSS V3 Metrics:CVSS V2 Metrics:
Attack Vector: NETWORKAccess Vector: NETWORK
Attack Complexity: HIGHAccess Complexity: MEDIUM
Privileges Required: NONEAuthentication: NONE
User Interaction: NONEConfidentiality: PARTIAL
Scope: UNCHANGEDIntegrity: NONE
Confidentiality: LOWAvailability: NONE
Integrity: NONE 
Availability: NONE 
  
Reference:
SECTRACK-1035647
BID-86788
BID-91787
DSA-3625
GLSA-201607-01
RHSA-2016:1138
RHSA-2016:1139
RHSA-2016:1140
SUSE-SU-2016:1996
SUSE-SU-2016:2089
USN-2995-1
http://www.openwall.com/lists/oss-security/2016/04/20/9
http://www.openwall.com/lists/oss-security/2016/04/20/6
http://www.oracle.com/technetwork/security-advisory/cpujul2016-2881720.html
http://www.oracle.com/technetwork/topics/security/linuxbulletinapr2016-2952096.html
http://www.squid-cache.org/Advisories/SQUID-2016_6.txt
openSUSE-SU-2016:2081

CPE    115
cpe:/a:squid-cache:squid:3.4.1
cpe:/a:squid-cache:squid:3.5.0.2
cpe:/a:squid-cache:squid:3.5.0.1
cpe:/a:squid-cache:squid:3.4.4
...
CWE    1
CWE-119
OVAL    18
oval:org.secpod.oval:def:110845
oval:org.secpod.oval:def:110853
oval:org.secpod.oval:def:203941
oval:org.secpod.oval:def:203942
...

© SecPod Technologies